I see from the code that currently the kernel UDP sockets have checksums enabled. I also note the message from November speculating upon if in band control messages should be added.
One thing I was pondering recently in the context of UDP tunnelling, is that one doesn't really need to have UDP checksums on the encapsulating packet, since they payload itself is eventually protected by its IPv4 header checksum, and likewise its transport payload being protected by its own TCP/UDP/etc checksum. [OK - some exceptions, but valid to a first approximation] In the case of a crypto tunnel tunnel when using a verified / authenticated crypto algorithm, any lower level UDP checksum is even more redundent. The one place where UDP checksums would stil seem to be useful is for any in band control messages, if they were themselves not covered by the crypto layer. i.e. c.f. OpenVPN and its payload vs control messages. Which then got me to thinking that one could sort of cheat, and use the checksum field in the UDP header as an indicator of if the payload is control or data. All zero bits for data, none zero (including 0xffff) for control. This would also have the advantage that if one is using a system without support for h/w checksum offload, one gets to save a bit of CPU; however that may or may not be significant depending upon just if/when packet memory if touched, and by which cores in a system. i.e. I'm pondering a non Linux kernel implementation. So - thoughts? Is it worth doing something like this for wireguard? DF _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard